Top Five Global Retailer

Easy installation and integration, extensibility and unparalleled accuracy against the most sophisticated attacks convinced the retailer to adopt PerimeterX as its bot defense platform to safeguard multiple brands.

Download Case Study

Company

This Fortune 50 company is one of the five largest retailers in the world, with multiple large brands and thousands of physical stores globally. The total number of monthly visitors to the company’s websites and its mobile applications eclipses 400 million; the number of individual page and mobile application requests is over 2 billion per month.

Problem

As a leading global retail brand with multiple brand properties, the company found itself under constant attack from malicious bot traffic and sophisticated operators of botnets. Often coming at global scale with tens of thousands of IP addresses and thousands of virtual and physical machines or browsers, the attacks were unpredictable and constantly changing.

Attackers attempted account takeovers, trying millions of username/password combinations acquired or lifted from the Dark Web to compromise and hijack the accounts of legitimate customers.

Previously, the retailer was using a solution that provided poor accuracy generating numerous false positives that prevented real users from shopping, causing the potential for sales losses and brand damage. The previous solution was also limited to deployment over a specific infrastructure, preventing the retailer from creating a resilient and diversified network and Content Delivery Network (CDN) infrastructure. Many CDN providers tack on security solutions like distributed denial of services (DDoS) protection and web application firewalls (WAF). These solutions are often positioned as bot management capabilities. While these products work well to stop volumetric attacks like DDoS and provide basic filtering capabilities, they fall short when it comes to stopping sophisticated bots that target business logic and attempt attacks such as account takeover, fake account creation, carding, gift card fraud, online scalping and web scraping. They needed more flexibility, higher accuracy, and a solution that was more forward looking; one not focused on simple signatures and profiling, but could dynamically learn and recognize new attack types. Lastly, the retailer’s information security team had been using in-house tools to tackle the bot problem. As the scope and diversity of advanced bot attacks grew, this became too expensive, time consuming and technically challenging.

 

Learn more about Digital Skimming

Over the course of the attack, Bot Defender maintained accuracy of over 99.996%, keeping false positives to the lowest level the retailer’s team had ever seen.

Solution

The retailer’s e-commerce information security team selected PerimeterX Bot Defender and tested it in a sandbox before deploying live, a common practice. This test process was simplified by the ease of integration and simple configuration requirements, because Bot Defender is a true SaaS product that is extensible to any level of infrastructure and a variety of website, CDN and middleware components. The machine learning capabilities of Bot Defender also proved an important selling point. The retailer’s information security team wanted something that would futureproof their business and catch entirely novel attacks. This was critical because botnet operators are constantly changing their approach. The retailer’s security team was particularly impressed with the highly accurate and flexible nature of the Bot Defender detection capabilities. It continually updates its pattern-matching algorithms based on all attacks experienced across the entire PerimeterX network, a unique shared intelligence and threat prediction capability.

Bot Defender

Result

After testing, validating and deploying Bot Defender, the retailer’s security team watched the product’s dashboard closely to see their new solution’s impact on bot attacks in real-time. Within a day, the first major attack occurred, targeting one of the retailer’s largest brands. This was a comparatively sophisticated attack using generation-4 bots that mimicked human user behaviors. PerimeterX identified the anomalous behaviors, mapped the attack and blocked the bots. Over the course of the attack, Bot Defender maintained accuracy of over 99.996%, keeping false positives to the lowest level the retailer’s team had ever seen. Based on this early success, the retailer deployed Bot Defender to protect its brand websites and its mobile apps, rolling it out in a phased approach. The team appreciated the accuracy of Bot Defender and found the the PerimeterX team easy to work with. With this success under their belts, the retailer’s team considers Bot Defender to be a core part of their security and eCommerce solution stack, and plans to utilize it on every brand property.

 

Learn more about Bot Defender

With this success under their belts, the retailer’s team considers Bot Defender to be a core part of their security and eCommerce solution stack, and plans to utilize it on every brand property.

Secure Your Digital Business with PerimeterX

  • Accurate Threat Identification Icon
  • Accurate Threat Identification

  • Using machine learning and behavior-based analytics, PerimeterX solutions detect and block automated bot attacks and client-side threats with unparalleled accuracy. Your online business is protected while preserving user experience and page response times.

  • Fully Compatible Integration Icon
  • Fully Compatible Integration

  • PerimeterX is cloud-based and platform-agnostic. Using machine learning, we constantly update our library of attack patterns based on interactions with applications, fingerprints from devices and network characteristics to protect against the next new threat.

  • Frictionless Customer Experience Icon
  • Frictionless Customer Experience

  • To keep watch over your web and mobile applications and APIs, PerimeterX functions as an extension of your team and provides responsive, best-in-class service and around-the-clock security analyst oversight.

© PerimeterX, Inc. All rights reserved.